Bug 1519434 Comment 5 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

(In reply to :Gijs (he/him) from comment #4)
> Is there a broader plan for what we want here? Some questions that spring to mind (which perhaps are answered in such a doc somewhere):

No, but I'll create a doc that consolidates all these answers:

https://docs.google.com/document/d/1U5uHskPkJIUkASwLI6uVdFl2s0MM6dfPzCAoT0Bftms/edit

> 0. I'm assuming we want to actually make this completely impossible, not just remove the UI and keep support for the internal "always run this plugin" state?

Good question! I hadn't thought of that.

We had planned to just remove the UI to prevent setting new always-allow site permissions and then let users' existing always-allow site permissions quietly expire after 90 days. But we should probably remove Gecko's always-run Flash code (somewhere in dom/plugins/base) now so Firefox Nightly users can actually experience the always-ask Flash UX now. If there are Flash issues, we want to find them during Nightly testing, not 90 days from now. :)

However, we do *not* want to remove always-run support for the dummy NPAPI test plugin (used for our automated NPAPI tests), Widevine, or OpenH264! Widevine and OpenH264 are GMPs (Gecko Media Plugins), not NPAPI plugins, so they might use a different code path. Just something to watch for.

> 1. do we need a pref to turn off this restriction if we uncover too many issues?

I don't think we need a pref. Chrome has shipped a similar always-ask UX since September 2018, so there should not be any Flash sites that cause problems in Firefox but not Chrome:

https://sites.google.com/a/chromium.org/dev/flash-roadmap#TOC-Non-Persisted-HTML5-by-Default-Target:-Chrome-69---September-2018-

> 2. we still have a flash_only pref that allows other plugins to be used - in this bug, do we just want to remove support for "always run" for all plugins?
> 3. can we remove support for the flash_only pref except when running automated tests (to reduce the testing/complexity matrix), or is that not possible at the moment?

Flash and the dummy NPAPI test plugin are the only NPAPI plugins we support. Widevine and OpenH264 are also "plugins" but we do not want to remove their always-allow support.

The flash_only pref should only be used for our automated NPAPI tests, so we can disable or remove the pref in non-test code paths, as long as disabling it doesn't affect Widevine or OpenH264.

> 4. do existing users get this change applied, and/or do we need to notify them in any way beyond relnotes?

All users should get this change. We don't need to notify users.

(In reply to :Gijs (he/him) from comment #4)
> Is there a broader plan for what we want here? Some questions that spring to mind (which perhaps are answered in such a doc somewhere):

No, but I'll create a doc that consolidates all these answers:

https://docs.google.com/document/d/1U5uHskPkJIUkASwLI6uVdFl2s0MM6dfPzCAoT0Bftms/edit

> 0. I'm assuming we want to actually make this completely impossible, not just remove the UI and keep support for the internal "always run this plugin" state?

Good question! I hadn't thought of that.

We had planned to just remove the UI to prevent setting new always-allow site permissions and then let users' existing always-allow site permissions quietly expire after 90 days. But we should probably remove Gecko's always-run Flash code (somewhere in dom/plugins/base) now so Firefox Nightly users can actually experience the always-ask Flash UX now. If there are Flash issues, we want to find them during Nightly testing, not 90 days from now. :) We'll also need to remove any Flash code in the Site Permissions UI.

However, we do *not* want to remove always-run support for the dummy NPAPI test plugin (used for our automated NPAPI tests), Widevine, or OpenH264! Widevine and OpenH264 are GMPs (Gecko Media Plugins), not NPAPI plugins, so they might use a different code path. Just something to watch for.

> 1. do we need a pref to turn off this restriction if we uncover too many issues?

I don't think we need a pref. Chrome has shipped a similar always-ask UX since September 2018, so there should not be any Flash sites that cause problems in Firefox but not Chrome:

https://sites.google.com/a/chromium.org/dev/flash-roadmap#TOC-Non-Persisted-HTML5-by-Default-Target:-Chrome-69---September-2018-

> 2. we still have a flash_only pref that allows other plugins to be used - in this bug, do we just want to remove support for "always run" for all plugins?
> 3. can we remove support for the flash_only pref except when running automated tests (to reduce the testing/complexity matrix), or is that not possible at the moment?

Flash and the dummy NPAPI test plugin are the only NPAPI plugins we support. Widevine and OpenH264 are also "plugins" but we do not want to remove their always-allow support.

The flash_only pref should only be used for our automated NPAPI tests, so we can disable or remove the pref in non-test code paths, as long as disabling it doesn't affect Widevine or OpenH264.

> 4. do existing users get this change applied, and/or do we need to notify them in any way beyond relnotes?

All users should get this change. We don't need to notify users.
